Individually programmable most significant bits of VLAN ID

ABSTRACT

A network switch that includes an address resolution table and a VLAN table. The address resolution table comprises a VLAN identifier (ARL VID) in less significant bits, a MAC address, and an action code, wherein each VLAN identifier in the address resolution table is unique. The VLAN table is used for storing information related to frame forwarding. The VLAN table includes a VLAN identifier (VLAN VID) in more significant bits, a forward map and an un-tag map. The ARL VID is used to access an associated entry in the VLAN table.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to network devices, and in particular, to a methodand apparatus for individually programming the most significant bit of aVLAN identifier.

2. Description of the Related Art

A LAN may be configured into multiple logical LANs or Virtual LANs(VLAN) to allow network operators to configure and administer networksas a single entity, while providing users with the connectivity andprivacy of multiple separate networks. Further to this objective, theIEEE 802.1Q VLAN standard was created to break larger networks intosmaller networks so that network traffic would not capture morebandwidth than necessary. All traffic on a VLAN is sent only to users ofthat VLAN. Therefore, users not belonging to the VLAN cannot send orreceive any traffic to or from users on the VLAN.

To support IEEE 802.1Q VLAN, a current configuration of an Ethernetswitch uses a 4,096 entry Address Resolution Table (ARL) and a VLANtable. The ARL table enables the switch to find the destination port(s)for incoming frames. Each ARL entry stores a frame's VLAN ID (VID) inregisters (11:0), a frame's MAC address in registers (47:0) and anaction code which tells the switch which port(s) to send the frame to inregisters (m:0), where m is the size of the action code. The VLAN tableis used to store VLAN related information for frame forwarding.Specifically, each VLAN entry stores a VLAN forward map in registers(n:0) and a VLAN un-tag map in registers (n:0), where n is the number ofswitch ports. The maximum size of each VID is 12 bit and the maximumnumber of VIDs in the ARL table is 4,096. To support all of the VIDs inthe ARL table, the VLAN table also has 4096 entries. The switch useseach VID to access the appropriate entry in the VLAN table.

Upon receiving an incoming frame, the switch obtains the MAC destinationaddress in registers (47:0) and the VID in registers (11:0) from theincoming frame. The incoming frame's MAC destination address inregisters (47:0) and the VID in registers (11:0) are hashed to a 12 bitARL address which is used to access the ARL table. Upon obtaining theappropriate entry in the ARL table, the switch compares the VID inregisters (11:0) and MAC address in registers (47:0) in the ARL tablewith the incoming frame's VID in registers (11:0) and MAC destinationaddress (47:0). If they are the same, then there is an ARL hit and theaction code in the ARL table is used to determine which egress port(s)to send the incoming frame to. The incoming frame's VID in registers(11:0) is also used to access the VLAN table and the switch reads theforward map and the un-tag map from the VLAN entry that is associatedwith the VID. If there was an ARL hit and the ports indicated by theaction code in the ARL table are also active in the forward map, thenthe switch forwards the incoming frame to the identified egress port(s).If there was not a hit in the ARL table, but there was a match in theVLAN table, the switch uses the forward map in the VLAN table to forwardthe incoming frame to the appropriate destination port(s). If the wasnot a match in either the VLAN or ARL tables, the switch drops theframe.

It takes a lot of silicon area to accommodate a 4,096 entry VLAN table.Moreover, most systems do not use all of the VID. Therefore, a currentconfiguration uses an ARL table wherein the VID in registers (11:4) isfixed and predefined. In this configuration, the VLAN table includes 16entries. The less significant bits of the VID, i.e. registers (3:0), areused to index the VLAN table and the most significant bits of the VIDare predefined among the switch users and fixed. The drawback to thisimplementation is that the VID has to be in a continuous VLAN space. Forsome existing environments, this is difficult to implement.

SUMMARY OF THE INVENTION

In order to overcome the limitations outlined above, the presentinvention provides a network switch that includes an address resolutiontable and a VLAN table. The address resolution table comprises a VLANidentifier (ARL VID) in less significant bits, a MAC address, and anaction code, wherein each VLAN identifier in the address resolutiontable is unique. The VLAN table is used for storing information relatedto frame forwarding. The VLAN table includes a VLAN identifier (VLANVID) in more significant bits, a forward map and an un-tag map. The ARLVID is used to access an associated entry in the VLAN table.

The present invention also provides a method for forwarding an incomingframe in a network switch. The method includes the steps of uponreceiving an incoming frame, converting a MAC destination address andless significant bits of a VID from the incoming frame into a 12 bit ARLaddress which is used to access an address resolution table andcomparing an ARL VID and a MAC address from the address resolution tablewith the MAC destination address and less significant bits of the VIDfrom the incoming frame to determine if there is an ARL hit. The methodalso includes the steps of using an action code from the addressresolution table to determine at least one egress port to send theincoming frame to if, there is an ARL hit; and using the lesssignificant bits of the VID of the incoming frame to access anappropriate entry in a VLAN table. The method further includes the stepsof comparing a VLAN VID from the VLAN table with more significant bitsof the VID of the incoming frame, wherein if the VLAN VID is the same asthe more significant bits of the VID of the incoming frame, there is aVLAN match; and forwarding the incoming frame to at least one port basedon at least one of the ARL hit and the VLAN hit.

The present invention further provides an apparatus for forwarding anincoming frame in a network switch. The apparatus includes a convertingmeans for converting a MAC destination address and less significant bitsof a VID from an incoming frame into a 12 bit ARL address which is usedto access an address resolution table upon receiving the incoming frame.The apparatus also includes a comparing means for comparing an ARL VIDand a MAC address from the address resolution table with the MACdestination address and less significant bits of the VID from theincoming frame to determine if there is an ARL hit. The apparatusfurther includes means for using an action code in the addressresolution table to determine at least one egress port to which theincoming frame is sent, if there is an ARL hit and means for using theless significant bits of the VID of the incoming frame to access anentry in a VLAN table. The apparatus also includes a comparing means forcomparing a VLAN VID from the VLAN table with more significant bits ofthe VID of the incoming frame, wherein if the VLAN VID is the same asthe more significant bits of the VID of the incoming frame, there is aVLAN match. The apparatus also includes a forwarding means forforwarding the incoming frame to at least one port based on at least oneof the ARL hit and the VLAN hit.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects and features of the invention will be more readilyunderstood with reference to the following description and the attacheddrawings, wherein:

FIG. 1 illustrates a configuration of a LAN which includes desktopstations that are divided into four VLANS;

FIG. 2 illustrates an Address Resolution table that is implementedaccording to the present invention;

FIG. 3 illustrates a VLAN table that is implemented according to thepresent invention;

FIG. 4 illustrates the steps implemented in the present invention; and

FIG. 5 illustrates an apparatus for forwarding an incoming frame in anetwork switch according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference will now be made in detail to the preferred embodiments of thepresent invention, examples of which are illustrated in the accompanyingdrawings. The present invention described below extends thefunctionality of the inventive method for individually programming themost significant bits of each VLAN ID in a VLAN table.

FIG. 1 illustrates a configuration of a Local Area Network (LAN) 100which includes a switch 102 and desktop stations that are divided intothree logical groups 110, 120 and 130, such that each member of a groupcan communicate with other members of the group but cannot access dataor communicate with members of other groups. In one embodiment, thepresent invention provides a flexible Virtual LAN (VLAN) configurationthat allows any number of VLAN combinations, such that each logicalgroup 110, 120 and 130 can be configured into VLANs 110, 120 and 130.

Any switch port can be grouped into a particular VLAN, for example VLAN110, by programming the appropriate VLAN control registers. To associateswitch ports with VLANs 110, 120 and 130, LAN 100 includes an array ofregisters that corresponds to associated ingress ports. Thereafter, foreach packet received in a switch on LAN 100, an Address Resolution Table(ARL) resolves the Destination Address and obtains a forwarding vectorfor the associated egress port(s). Then the ARL applies a VLAN filterfrom the VLAN register associated with the ingress port to thisforwarding vector which masks out ports not contained in this VLAN. Thisallows LAN 100 to forward packets only to those ports specified in theVLAN forwarding register and to blocks the packet from all other ports.

Specifically Ethernet data for a user on a VLAN arrive at one of theports on LAN 100. When the data packet is received, an ingresssub-module, as an ingress function, determines the destination of thepacket. The first 64 bytes of the data packet is buffered by the ingresssub-module and compared to data stored in the lookup tables to determinethe destination port(s). Also as an ingress function, the ingresssub-module slices the data packet into a number of 64-byte cells. Itshould be noted that one or more components of LAN 100 may have aningress submodule and egress submodule which provide port specificingress and egress functions. All incoming packet processing occurs inthe appropriate ingress submodule and features such as the fastfiltering processor, layer two (L2) and layer three (L3) lookups, layertwo learning, layer two table management, layer two switching, packetslicing, and channel dispatching occur in the ingress submodule. Afterlookups, fast filter processing, and slicing into cells the packet isplaced from ingress submodule into a dispatch unit and then placed ontoa CPS channel. A number of ingress buffers are provided in the dispatchunit to ensure proper handling of the packets/cells. The egresssubmodule monitors the CPS channel and continuously looks for cellsdestined for a port of a particular Ethernet Port Interface Controller(EPIC). When a Pipelined Memory Management Unit (PMMU) receives a signalthat an egress submodule associated with a destination of a packet inmemory is ready to receive cells, the PMMU pulls the cells associatedwith the packet out of the memory and places the cells on a CPS channel,destined for the appropriate egress submodule. A FIFO in the egresssubmodule continuously sends a signal onto the CPS channel that it isready to receive packets, when there is room in the FIFO for packets orcells to be received. Cells of a particular packet are always handledtogether to avoid corrupting of packets. Once the identity of the userat the ingress port is determined, ARL/L3 tables are updated to reflectthe user identification. The ARL/L3 tables of each other EPIC areupdated to reflect the newly acquired user identification in asynchronizing step.

An ARL engine in LAN 100 reads the packet; if the packet has a VLAN tagaccording to IEEE Standard 802.1q, then the ARL engine performs alook-up based upon a tagged VLAN table, which is part of a VLAN table.If the packet does not contain this tag, then the ARL engine performsVLAN lookup based upon the port based VLAN table. Once the VLAN isidentified for the incoming packet, the ARL engine performs an ARL tablesearch based upon the source MAC address and the destination MACaddress. If the result of the destination search is an L3 interface MACaddress, then an L3 search is performed of an L3 table within an ARL/L3table. If the L3 search is successful, then the packet is modifiedaccording to packet routing rules.

If a data packet is sent from a source station A into a port, anddestined for a destination station B on another port associated with thesame EPIC, the ingress submodule slices the data packet into cells. Theingress submodule then reads the packet to determine the source MACaddress and the destination MAC address. The ingress submodule, inparticular a ARL engine, performs the lookup of appropriate tableswithin ARL and VLAN tables, to see if the destination MAC address existsin ARL/L3 tables; if the address is not found, but if the VLAN IDs arethe same for the source and destination, then the ingress submodule willset the packet to be sent to all ports. The packet will then propagateto the appropriate destination address. A “source search” and a“destination search” occurs in parallel. Concurrently, the source MACaddress of the incoming packet is “learned”, and therefore added to anARL table. After the packet is received by the destination, anacknowledgement is sent by destination station B to source station A.Since the source MAC address of the incoming packet is learned by theappropriate table of B, the acknowledgement is appropriately sent to theport on which A is located. When the acknowledgement is received at theport therefore, the ARL table learns the source MAC address of B fromthe acknowledgement packet.

FIG. 2 illustrates an ARL table 202 implemented in an embodiment of theinvention wherein each switch in the network includes a 4,096 entry ARLtable 202. Each entry in ARL table 202 stores a frame's VLAN ID (VID)204 in registers (3:0), a frame's MAC address 206 in registers (47:0)and an action code 208, in registers (m:0), which tells the switch whichport(s) to send the frame to, wherein m is the size of the action code.Each VID 204 in ARL table 202 must have a unique value to properlyaccess an associated entry in the VLAN table 302.

FIG. 3 illustrates a VLAN table 302 that can reside in the internalembedded memory of a switch. Each entry in VLAN table 302 is used tostore VLAN related information for frame forwarding. Each entry in VLANtable 302 stores a VID 304 in registers (11:4), a forward map 306 inregisters (n:0) and a VLAN un-tag map 308 in registers (n:0), where n isthe number of switch ports. VID 304 may be any value, forward map 306defines the membership within a VLAN domain and un-tag map 308 controlswhether the egress packet is tagged or untagged.

To forward an incoming frame to the appropriate port(s), the switchobtains the MAC destination address in registers (47:0) and the VID inregisters (11:0) from the incoming frame. The MAC destination address inregisters (47:0) and the VID in registers (11:0) can be hashed to a 12bit ARL address which is used to access the appropriate entry in the ARLtable 202. The switch compares the VID 204 in registers (3:0) and MACaddress 206 in registers (47:0) of ARL table 202 with the incomingframe's VID in registers (3:0) and MAC destination address in registers(47:0). If they are the same, then there is an ARL hit and action code208 is used to determine which egress port(s) to send the incoming frameto. The incoming frame's VID (3:0) is also used to access an appropriateentry in VLAN table 302. The switch compares the VID 304 in registers(11:4) with the incoming frame's VID in registers (11:4). If the VIDs inregisters (11:4) of the incoming frame and VLAN table 302 are the same,then there is a VLAN match. If there is a VLAN match and an ARL hit, andif the egress port(s) indicated by action code 208 is active in VLANforward map 308, then the switch forwards the frame to the identifiedegress port(s). If there was not a hit between ARL table 202 and theincoming frame, but there was a match in VLAN table 302, then the switchuses the information in forward map 308 to forward the incoming frame tothe appropriate port(s). If there is not a match in either the VLAN 210or ARL tables 202, the switch drops the frame.

FIG. 4 illustrates one example of the steps implemented in the preferredembodiment of the invention. In Step 410, the switch obtains an incomingframe's MAC destination address in registers (47:0) and the VID inregisters (11:0). In Step 420, the incoming frame's MAC destinationaddress in registers (47:0) and the VID in registers (11:0) can behashed to a 12 bit ARL address which is used to access ARL table 202. InStep 430, the switch compares VID 204 in registers (3:0) and MAC address206 in registers (47:0) with the incoming frame's VID in registers (3:0)and MAC address in registers (47:0). If they are the same, in Step 440,action code 208 is used to determine which egress port(s) to send theincoming frame to. In Step 450, the incoming frame's VID in registers(3:0) is used to access VLAN table 302 and the switch compares VID 304in registers (11:4) with the incoming frame's VID in registers (11:4).In Step 460, if there is a VLAN match and an ARL hit, and if the egressport(s) indicated by action code 208 is active in VLAN forward map 306,then the switch forwards the frame to the identified egress port(s). Ifthere was not a hit between ARL table 202 and the incoming frame, butthere was a match in VLAN table 210, in Step 470, the switch uses theinformation in forward map 214 to forward the incoming frame to theappropriate port(s). If there is not a match in either the VLAN 210 orARL tables 202, in Step 480, the switch drops the frame.

FIG. 5 illustrates an apparatus 500 for forwarding an incoming frame ina network switch, in accordance with an embodiment of the presentinvention. The apparatus 500 includes converting means 510 forconverting a MAC destination address and less significant bits of a VLANidentifier (VID) from an incoming frame into a 12 bit address resolutiontable (ARL) address which is used to access an address resolution tableupon receiving the incoming frame. The apparatus 500 also includescomparing means 520 for comparing an ARL VID and a MAC address from theaddress resolution table with the MAC destination address and lesssignificant bits of the VID from the incoming frame to determine ifthere is an ARL hit. If there is an ARL hit, the apparatus 500 includesmeans 530 for using an action code in the address resolution table todetermine at least one egress port to which the incoming frame is sent.The apparatus 500 further includes means 540 for using the lesssignificant bits of the VID of the incoming frame to access an entry ina VLAN table. The apparatus 500 includes comparing means 550 forcomparing a VLAN VID from the VLAN table with more significant bits ofthe VID of the incoming frame. If the VLAN VID is the same as the moresignificant bits of the VID of the incoming frame, there is a VLANmatch. The apparatus 500 includes forwarding means 560 for forwardingthe incoming frame to at least one port based on at least one of the ARLhit and the VLAN match. The apparatus also includes dropping means 570for dropping the incoming frame if there is not a VLAN match and thereis not an ARL hit.

Although the invention has been described based upon these preferredembodiments, it would be apparent to those of skilled in the art thatcertain modifications, variations, and alternative constructions wouldbe apparent, while remaining within the spirit and scope of theinvention. For example, the specific configurations of packet flow arediscussed with respect to a switch configuration such as that of Soc 10.It should be noted, however, that other switch configurations could beused to take advantage of the invention. In order to determine the metesand bounds of the invention, therefore, reference should be made to theappended claims.

1. A method for forwarding an incoming frame in a network switch, themethod comprising: upon receiving an incoming frame, converting a MACdestination address and less significant bits of a VLAN identifier (VID)from the incoming frame into a 12 bit address resolution table (ARL)address which is used to access an address resolution table; comparingan ARL VID and a MAC address from the address resolution table with theMAC destination address and less significant bits of the VID from theincoming frame to determine if there is an ARL hit; if there is an ARLhit, using an action code from the address resolution table to determineat least one egress port to which the incoming frame is sent; using theless significant bits of the VID of the incoming frame to access anappropriate entry in a VLAN table; comparing a VLAN VID from the VLANtable with more significant bits of the VID of the incoming frame,wherein if the VLAN VID is the same as the more significant bits of theVID of the incoming frame, there is a VLAN match; and forwarding theincoming frame to at least one port based on at least one of the ARL hitand the VLAN match.
 2. The method of claim 1, wherein the step offorwarding the incoming frame further comprises the step of forwardingthe incoming frame to at least one indicated egress port if there is aVLAN match and an ARI hit and if the at least one egress port indicatedby the action code is active in a forward map in the VLAN table.
 3. Themethod of claim 1, wherein the step of forwarding the incoming framefurther comprises the step of using a forward map entry in the VLANtable to determine where to forward the incoming frame if there is aVLAN match and there is not an ARL hit.
 4. The method of claim 1,further comprising the step of dropping the incoming frame if there isnot a VLAN match and there is not an ARL hit.
 5. An apparatus forforwarding an incoming frame in a network switch, the apparatuscomprises: converting means for converting a MAC destination address andless significant bits of a VLAN identifier (VID) from an incoming frameinto a 12 bit address resolution table (ARL) address which is used toaccess an address resolution table upon receiving the incoming frame;comparing means for comparing an ARL VID and a MAC address from theaddress resolution table with the MAC destination address and lesssignificant bits of the VID from the incoming frame to determine ifthere is an ARL hit; if there is an ARE hit, means for using an actioncode in the address resolution table to determine at least one egressport to which the incoming frame is sent; means for using the lesssignificant bits of the VID of the incoming frame to access an entry ina VLAN table; comparing means for comparing a VLAN VID from the VLANtable with more significant bits of the VID of the incoming frame,wherein if the VLAN VID is the same as the more significant bits of theVID of the incoming frame, there is a VLAN match; and forwarding meansfor forwarding the incoming frame to at least one port based on at leastone of the ARL hit and the VLAN match.
 6. The apparatus of claim 5,wherein the forwarding means further comprises means for forwarding theincoming frame to at least one indicated egress port if there is a VLANmatch and an ARL hit and if the at least one egress port indicated bythe action code is active in a forward map in the VLAN table.
 7. Theapparatus of claim 5, wherein the forwarding means further comprisesmeans for forwarding the incoming frame if there is a VLAN match andthere is not an ARL hit, wherein a forward map entry in the VLAN tableis used to determine where to forward the incoming frame.
 8. Theapparatus of claim 5, further comprising dropping means for dropping theincoming frame if there is not a VLAN match and there is not an ARL hit.9. The apparatus of claim 5, wherein: the address resolution tablecomprises the VLAN identifier (ARL VID) in less significant bits, theMAC address, and the action code, wherein each ARL VID is unique; andthe VLAN table stores information related to frame forwarding andcomprises the VLAN identifier (VLAN VID) in more significant bits, aforward map and an un-tag map, wherein the ARL VID is used to access anassociated entry in the VLAN table.
 10. The apparatus of claim 9,wherein a determining component uses the action code to determine anetwork port to which an incoming frame is sent.
 11. The apparatus ofclaim 9, wherein the VLAN table further comprises a table with the VLANVID that may be any value, a table with at least one forward map whichdefines membership with a VLAN domain, and a table with at least oneun-tag map which controls whether an egress packet is tagged oruntagged.
 12. The apparatus of claim 9, wherein upon receiving anincoming frame, the converting means hashes the MAC destination addressand less significant bits of the VID from the incoming frame into a 12bit ARL address which is used to access the address resolution table.13. The apparatus of claim 9, further comprising accessing means forusing the less significant bits of the VID of the incoming frame toaccess the VLAN table and means for comparing the VLAN VID with moresignificant bits of the VID of the incoming frame, wherein if the VLANVID is the same as the more significant bits of the VID of the incomingframe, there is a VLAN match.